CVE-2022-40929 XXL-JOB 2.2.0 has a Command execution vulnerability in background tasks.
Microsoft Windows has a feature called background task. It can be used to do tasks at a scheduled time or when the system is idle. The main advantage of this feature is that it doesn’t consume CPU resources when the system is not in use, which results in better battery life. There are certain scenarios where the background task execution can be dangerous. For example, you can create a background task which downloads and executes a malicious file or sends a malicious request to a remote server when the system is idle. There are a few things which you need to keep in mind while creating a background task. First of all, it should be a task which doesn’t consume a lot of CPU resources. For example, installing software, downloading updates, etc. Second, the task should be executed at a scheduled time or when the system is idle. Third, antivirus software and other security solutions needs to be enabled on the system, so that if a malicious file is downloaded or a malicious request is sent, it can be blocked/detected.
Create a scheduled task in Windows 10
This article discusses how to create and schedule a task in Windows 10. After creating the task, you can select the time when the task will be executed.
How to create a scheduled task in Windows?
There are two types of scheduled tasks in Windows- one which can be executed manually, and one which is executed automatically. The following code snippet shows how to create a scheduled task which will be executed at a specific time every day.
scheduledTask1 = CreateScheduledTask("Google Chrome", "C:\Chrome\Application\chrome.exe")
scheduledTask2 = CreateScheduledTask("Google Chrome", "C:\Chrome\Application\chrome.exe", DateTime.Now - TimeSpan.FromDays(1))
Create a scheduled task using Windows PowerShell
To create a scheduled task using PowerShell, you need to make sure that the Windows Firewall is turned on. To do so, follow these steps:
Open Windows PowerShell as an administrator
Enable Windows Firewall for remote management by typing "Enable-NetFirewallRule RemoteManagement" without quotes or if you prefer, you can use the shortcut Control Panel > System and Security > System > Windows Firewall > Advanced Settings > Allow an app through Windows Firewall.
Type "Get-NetFirewallProfile | Format-Table -AutoSize," and enter in your password when prompted to do so. This will list all of your network profiles. Select “Local Area Connection 3” from the list to continue.
Right click on Local Area Connection 3, select Properties, then select Advanced Settings. On the left hand side under Startup type, ensure that Automatic is selected. In the right hand side of the window under Startup Programs add a tick next to Microsoft Windows Power Shell (x86) - Current Version 10.0 or higher and click OK twice.
Select New Task from the Actions menu on the top bar and type in a name for your scheduled task. For this example we'll call it Enable Background Task Service .
Select Next at the bottom of the wizard then Add arguments (optional) . The first argument will be something like "-Command ". Make sure there is nothing before that -- only spaces after it -- then type in "-Service " followed by a space then
Create scheduled task in Windows
1. Open Control Panel, select System and Security, then click on Action Center.
2. Scroll down and select Task Scheduler.
3. On the left side of Task scheduler window, under Actions tab, click Create Basic Task.
4. Enter the task name as "Background Downloader" and click Next to continue.
5. Select When I am idle from the drop-down menu and specify the time (in minutes) when the background downloader task is to be executed and click Next to continue.
6. Click Finish to create the task in Windows 10 or Finish and New to create a new task in Windows 7 or 8/8.1 systems with a blank template for you to customize it later on if necessary.
Creating a Scheduled Task Using Task Scheduler
Step 1: Open Task Scheduler.
Step 2: Create a task for the background task which doesn’t consume a lot of CPU resources, and schedule it to run at a scheduled time or when the system is idle.
Step 3: Make sure you enable antivirus software and other security solutions on the system to block malicious file downloads/sends, if any, from happening on the system.
Timeline
Published on: 09/28/2022 18:15:00 UTC
Last modified on: 09/29/2022 19:21:00 UTC